Search engine redirect, slow browser, iexplorer in task manager


  • This topic is locked
19 replies to this topic

#1 tknick90

tknick90

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:20 AM

Posted 02 December 2011 - 07:50 PM

Hi

Here are the symptoms the system was exhibiting:

-Fake hard drive/RAM failure warnings (fixed)
-Fake control panel (fixed)
-Hid all files on desktop and in start menu, turned desktop black. (fixed)
-Search engine redirects, slow browser.
-iexplorer.exe continuously reopening in task manager and taking massive resources.

I've removed all the fake warnings and made all files visible again. I have also uninstalled Internet Explorer as a temporary fix to the last symptom I mentioned, but I have not fixed the root of this problem. Right now the machine is still exhibiting search engine redirects and slow web browsing. It's running Windows 7 64 bit.

Thanks in advance :)

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Tyler at 18:38:19 on 2011-12-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2109 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\lxddcoms.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
C:\Program Files (x86)\ASUS\AASP\1.00.91\aaCenter.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tyler\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: {16BFBB5D-BC7D-4D83-8F5A-62DDF0FB1B89} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [CPU Power Monitor] "C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Tyler\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9A053E56-D4EB-453B-8D59-90FF13D75D6C} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C619DBF4-8ABF-420C-9EBC-7C95B0F055FC} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C619DBF4-8ABF-420C-9EBC-7C95B0F055FC} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {16BFBB5D-BC7D-4D83-8F5A-62DDF0FB1B89} - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun-x64: [CPU Power Monitor] "C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
mRun-x64: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\8dw4u93w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2493242&SearchSource=3&q={searchTerms}
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Tyler\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R1 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-3-14 31104]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-15 308136]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-25 189736]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe -service --> C:\Windows\system32\lxddcoms.exe -service [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;C:\Windows\system32\DRIVERS\AN983X64.sys --> C:\Windows\system32\DRIVERS\AN983X64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-6 136176]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxddserv.exe [2007-5-25 34224]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-6 136176]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-30 16:24:33 -------- d-----w- C:\Users\Tyler\AppData\Roaming\Ableton
2011-11-30 16:24:33 -------- d-----w- C:\ProgramData\Ableton
2011-11-30 14:52:34 39192 ----a-w- C:\Windows\System32\Partizan.exe
2011-11-30 14:51:53 39192 ----a-w- C:\Windows\SysWow64\Partizan.exe
2011-11-30 14:51:53 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2011-11-30 14:51:49 2 --shatr- C:\Windows\winstart.bat
2011-11-30 14:51:46 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2011-11-30 14:51:44 -------- d-----w- C:\Program Files (x86)\UnHackMe
2011-11-26 23:19:25 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2011-11-26 22:58:38 111408 ----a-w- C:\Windows\System32\drivers\97351660.sys
2011-11-25 17:53:48 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-25 16:42:18 208896 ----a-w- C:\Windows\MBR.exe
2011-11-25 16:42:17 98816 ----a-w- C:\Windows\sed.exe
2011-11-25 16:42:17 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-25 16:42:17 256000 ----a-w- C:\Windows\PEV.exe
2011-11-25 16:41:09 -------- d-----w- C:\ComboFix
2011-11-18 23:51:30 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2011-11-18 23:48:26 -------- d-----w- C:\Program Files (x86)\Ableton
2011-11-18 22:33:30 -------- d-----w- C:\found.000
2011-11-09 03:59:55 -------- d-----w- C:\538490e358cf2f9fa54d8708
2011-11-09 00:12:34 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 00:12:34 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 00:12:33 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 00:12:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-11-06 21:19:50 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-14 22:17:11 215160 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-14 22:17:11 215160 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-14 22:17:10 215160 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-12 23:55:35 35664 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 18:46:51.22 ===============
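The DDS "Pseudo HJT Report" above is read by a responder as a list of indicators rather than a verdict. The script below is an added example (not code from this thread, from DDS or from ComboFix) that pulls out the entries a defender would question first: UAC policy values that differ from the Windows 7 defaults, BHO/toolbar registrations whose DLL is gone ("No File"), a Firefox default search URL whose host is outside an allowlist, and static DNS resolvers that override what DHCP offered. The sample lines are constructed, modelled on the posted log; the trusted-search-domain allowlist is an illustrative assumption to be tuned per environment.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines modelled on the "Pseudo HJT Report"
# and FIREFOX sections of the DDS log posted above (not a real capture).
SAMPLE_DDS = """\
uInternet Settings,ProxyOverride = *.local
BHO: {16BFBB5D-BC7D-4D83-8F5A-62DDF0FB1B89} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\\Program Files (x86)\\AVG\\AVG9\\avgssie.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\\{9A053E56-D4EB-453B-8D59-90FF13D75D6C} : NameServer = 8.8.8.8,8.8.4.4
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2493242&SearchSource=3&q={searchTerms}
"""

# Windows 7 default UAC policy values; anything else is worth a question.
UAC_DEFAULTS = {
    "EnableLUA": "1",                   # 0 = UAC switched off entirely
    "ConsentPromptBehaviorAdmin": "5",  # 0 = elevate without any prompt
    "PromptOnSecureDesktop": "1",       # 0 = prompt not isolated from other apps
}

# Illustrative allowlist of search providers (assumption; tune to the environment).
TRUSTED_SEARCH_DOMAINS = ("google.com", "bing.com", "yahoo.com", "duckduckgo.com")

UAC_RE = re.compile(r"mPolicies-system: (\w+) = (\d+)")
ORPHAN_RE = re.compile(r"(?:BHO|TB)(?:-X64)?: (.*) - No File$")
SEARCH_RE = re.compile(r"FF - prefs\.js: browser\.search\.defaulturl - (\S+)")
DNS_RE = re.compile(r"TCP: (?:Interfaces\\\{[0-9A-Fa-f-]+\} : )?(DhcpNameServer|NameServer) = (\S+)")


def host_is_trusted(host: str) -> bool:
    """True if host is an allowlisted search domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_SEARCH_DOMAINS)


def triage_dds(text: str) -> dict:
    """Return review findings keyed by category from DDS-style report lines."""
    findings = {"uac": [], "orphaned": [], "search": [], "dns": []}
    dhcp_servers, static_servers = set(), set()

    for raw in text.splitlines():
        line = raw.strip()
        if (m := UAC_RE.match(line)):
            key, val = m.groups()
            if key in UAC_DEFAULTS and val != UAC_DEFAULTS[key]:
                findings["uac"].append(f"{key}={val} (default {UAC_DEFAULTS[key]})")
        elif (m := ORPHAN_RE.match(line)):
            # Registered add-on whose DLL is gone: a leftover to clean up.
            findings["orphaned"].append(m.group(1))
        elif (m := SEARCH_RE.match(line)):
            # DDS defangs URLs as hxxp; restore the scheme so urlparse sees a host.
            url = m.group(1).replace("hxxp", "http", 1)
            host = urlparse(url).hostname or ""
            if not host_is_trusted(host):
                findings["search"].append(host)
        elif (m := DNS_RE.match(line)):
            kind, servers = m.groups()
            (dhcp_servers if kind == "DhcpNameServer" else static_servers).add(servers)

    # Static resolvers that differ from the DHCP-offered ones deserve a look:
    # public resolvers are often legitimate, but a hijacked resolver looks the same.
    if static_servers and dhcp_servers and static_servers != dhcp_servers:
        findings["dns"].append(
            f"static resolvers {', '.join(sorted(static_servers))} "
            f"override DHCP-offered {', '.join(sorted(dhcp_servers))}"
        )
    return findings


if __name__ == "__main__":
    for category, items in triage_dds(SAMPLE_DDS).items():
        for item in items:
            print(f"[{category}] {item}")
```

Run against the sample, the UAC category shows the three policy values that mean elevation happens silently with UAC off, the orphaned category lists the two CLSID-only registrations, and the search category names search.conduit.com, which lines up with the redirect symptom reported in the post. The DNS line is a review item, not a verdict: the owner may well have set public resolvers deliberately.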


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:20 AM

Posted 04 December 2011 - 12:29 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:20 AM

Posted 07 December 2011 - 09:30 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 tknick90

tknick90
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:20 AM

Posted 07 December 2011 - 05:00 PM

Sorry for the delay

Slow browser and search engine redirect still persist after running ComboFix.

Here's the ComboFix log:

ComboFix 11-12-06.02 - Tyler 12/07/2011 16:05:50.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2304 [GMT -5:00]
Running from: c:\users\Tyler\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-12-07 21:38 . 2011-12-07 21:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-07 21:38 . 2011-12-07 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-07 21:38 . 2011-12-07 21:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-30 16:24 . 2011-11-30 16:24 -------- d-----w- c:\users\Tyler\AppData\Roaming\Ableton
2011-11-30 16:24 . 2011-11-30 16:24 -------- d-----w- c:\programdata\Ableton
2011-11-30 14:52 . 2011-11-30 14:52 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-11-30 14:51 . 2011-11-30 14:51 39192 ----a-w- c:\windows\SysWow64\Partizan.exe
2011-11-30 14:51 . 2011-11-30 14:51 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys
2011-11-30 14:51 . 2011-11-30 14:51 2 --shatr- c:\windows\winstart.bat
2011-11-30 14:51 . 2011-11-03 17:58 12800 ----a-w- c:\windows\SysWow64\drivers\UnHackMeDrv.sys
2011-11-30 14:51 . 2011-12-06 13:18 -------- d-----w- c:\program files (x86)\UnHackMe
2011-11-27 15:38 . 2011-11-27 15:38 -------- d-----w- c:\windows\system32\Macromed
2011-11-26 23:19 . 2011-11-26 23:19 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-11-26 22:58 . 2011-11-26 22:58 111408 ----a-w- c:\windows\system32\drivers\97351660.sys
2011-11-18 23:51 . 2011-03-29 19:38 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2011-11-18 23:48 . 2011-11-18 23:48 -------- d-----w- c:\program files (x86)\Ableton
2011-11-18 22:33 . 2011-11-18 22:33 -------- d-----w- C:\found.000
2011-11-09 03:59 . 2011-11-09 04:02 -------- d-----w- C:\538490e358cf2f9fa54d8708
2011-11-09 00:12 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 00:12 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 00:12 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 00:12 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-06 21:19 . 2011-09-23 20:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-14 22:17 . 2009-11-07 04:43 215160 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-14 22:17 . 2009-10-01 01:03 215160 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-14 22:17 . 2009-10-01 01:03 215160 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-01 03:25 . 2011-10-11 21:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-11 21:20 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-12 23:55 . 2009-08-24 21:54 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-25_17.31.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-26 18:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-20 01:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-26 18:49 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-20 01:24 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-20 01:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-26 18:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-24 10:45 . 2011-12-07 17:14 64844 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-07 17:14 35998 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-19 07:03 . 2011-11-30 14:55 25482 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2412423666-3499215133-571947453-1001_UserData.bin
+ 2009-07-14 05:30 . 2011-11-28 23:24 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-10-12 19:35 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-08-19 07:31 . 2011-12-07 17:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-19 07:31 . 2011-11-25 16:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-19 07:31 . 2011-12-07 17:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-19 07:31 . 2011-11-25 16:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-25 16:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-07 17:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-19 07:02 . 2011-12-07 17:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-19 07:02 . 2011-11-25 16:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-25 00:15 . 2011-12-07 17:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-25 00:15 . 2011-11-25 16:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-25 00:15 . 2011-11-25 16:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-11-25 00:15 . 2011-12-07 17:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-11-25 00:15 . 2011-11-25 16:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-11-25 00:15 . 2011-12-07 17:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2009-08-19 07:02 . 2011-12-07 17:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-19 07:02 . 2011-11-25 16:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-19 07:02 . 2011-11-25 16:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-19 07:02 . 2011-12-07 17:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-19 07:02 . 2011-12-07 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-19 07:02 . 2011-11-25 17:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-19 07:02 . 2011-11-25 17:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-19 07:02 . 2011-12-07 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-25 16:24 . 2011-11-25 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-07 17:12 . 2011-12-07 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-07 17:12 . 2011-12-07 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-25 16:24 . 2011-11-25 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-12-07 17:18 661892 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-07 17:18 121810 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2011-11-28 23:24 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-10-12 19:35 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-10-12 19:35 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-11-28 23:24 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:12 . 2011-11-26 00:35 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-11-25 16:52 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:46 . 2011-11-13 00:40 108224 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-11-26 22:55 108224 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2011-11-25 03:35 399968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-07 05:04 399968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2011-11-25 20:11 7388348 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-11-11 05:24 7388348 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-08-25 17:41 . 2011-10-28 03:04 50295240 c:\windows\SysWOW64\MRT.exe
+ 2009-07-14 02:34 . 2011-11-25 20:07 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-11-10 22:50 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-09-10 22:14 . 2011-11-09 03:59 52174280 c:\windows\system32\MRT.exe
+ 2009-09-10 22:14 . 2011-10-28 04:05 52174280 c:\windows\system32\MRT.exe
+ 2010-04-16 07:05 . 2011-12-07 05:04 48116627 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2412423666-3499215133-571947453-1001-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-02 1435136]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-02 601088]
"CPU Power Monitor"="c:\program files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2009-8-25 3450608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 136176]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]
R3 Asushwio;Asushwio;d:\bin\64bit\Asushwio.sys [x]
R3 BlackBox;BlackBox SR2; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-02-17 31104]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 567216]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;c:\windows\system32\DRIVERS\AN983X64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 19:38]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 19:38]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2412423666-3499215133-571947453-1001Core.job
- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-17 01:15]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2412423666-3499215133-571947453-1001UA.job
- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-17 01:15]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9A053E56-D4EB-453B-8D59-90FF13D75D6C}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C619DBF4-8ABF-420C-9EBC-7C95B0F055FC}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\8dw4u93w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2493242&SearchSource=3&q={searchTerms}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{16BFBB5D-BC7D-4D83-8F5A-62DDF0FB1B89} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-53805105.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2412423666-3499215133-571947453-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c3,9b,46,30,cd,7e,de,84,b8,88,f0,d4,e2,b6,bb,b6,cc,4e,b5,f2,97,b0,c9,
e4,ba,d8,94,89,09,c8,b8,35,18,13,c1,75,c3,4c,9b,a5,6a,5d,67,6b,d7,5c,29,2c,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-07 16:57:24
ComboFix-quarantined-files.txt 2011-12-07 21:57
ComboFix2.txt 2011-11-25 17:49
ComboFix3.txt 2011-08-25 18:24
.
Pre-Run: 173,251,956,736 bytes free
Post-Run: 173,218,865,152 bytes free
.
- - End Of File - - 8779E2F38DC1BC40EFC868479BF3B74D

Edited by tknick90, 07 December 2011 - 05:02 PM.
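Three things in the ComboFix log above are worth pulling out before running anything else: every UAC value under policies\system is at its weakest setting (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0), several service entries carry ComboFix's [x] marker, and Firefox's default search URL points at search.conduit.com. The script below is an added example for this thread, not part of the original post and not ComboFix's own code; it parses a constructed excerpt that copies the shape of those log lines. One caveat it encodes deliberately: [x] only means ComboFix recorded no date or size for the image, and avgldx64.sys shows [x] here while TDSSKiller later hashes the same file, so an [x] entry is something to check, not proof that a file is missing.

```python
"""Triage helpers for a ComboFix log: UAC policy values, service entries
printed with [x], and Firefox search prefs.  Added example for this thread;
it is not part of the original post and is not ComboFix's own code.  The
excerpt below is constructed to mirror the shape of the log lines above."""
import re

# Constructed excerpt (same line shapes as the posted log, not a verbatim copy).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 Asushwio;Asushwio;d:\bin\64bit\Asushwio.sys [x]
R3 BlackBox;BlackBox SR2; [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-02-17 31104]
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2493242&q={searchTerms}
"""

# Values that mean UAC is effectively off.  Windows 7 ships with EnableLUA=1,
# ConsentPromptBehaviorAdmin=5 and PromptOnSecureDesktop=1 (Microsoft's
# documented defaults; the log itself does not print them).
UAC_WEAK = {
    "EnableLUA": (0, "UAC disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently, no prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts not shown on the secure desktop"),
}

VALUE_RE = re.compile(r'^"(\w+)"=\s*(\d+)')
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.*?)\s*\[x\]$")
SEARCH_RE = re.compile(
    r"^FF - (?:prefs|user)\.js: (browser\.search\.\S+|keyword\.URL) - hxxps?://([^/\s]+)")


def parse_uac_policy(log: str) -> dict:
    """Name -> decimal value for the ...\\policies\\system block ComboFix prints."""
    values, inside = {}, False
    for line in log.splitlines():
        if line.startswith("["):
            inside = line.rstrip().lower().endswith(r"\policies\system]")
        elif inside:
            m = VALUE_RE.match(line)
            if m:
                values[m.group(1)] = int(m.group(2))
            elif line.strip() in ("", "."):
                inside = False          # "." is ComboFix's block separator
    return values


def uac_findings(policy: dict) -> list:
    """One finding string per UAC value that sits at its weakest setting."""
    return [f"{name}={policy[name]}: {why}"
            for name, (weak, why) in UAC_WEAK.items()
            if policy.get(name) == weak]


def services_without_image_info(log: str) -> list:
    """(service name, image path) for entries ComboFix marked [x].
    [x] means no date/size was recorded, which on x64 can be WoW64 path
    redirection rather than a missing file; verify each one on disk."""
    return [m.groups() for m in map(SERVICE_RE.match, log.splitlines()) if m]


def search_settings(log: str) -> list:
    """(pref name, host) for Firefox search prefs ComboFix reported."""
    return [m.groups() for m in map(SEARCH_RE.match, log.splitlines()) if m]


def triage(log: str) -> dict:
    return {
        "uac": uac_findings(parse_uac_policy(log)),
        "services_x": services_without_image_info(log),
        "search": search_settings(log),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run it against a saved ComboFix.txt by reading the file into triage() instead of SAMPLE_LOG. The UAC findings are the ones to act on first after cleanup: with EnableLUA=0 every process the user launches already runs with a full administrator token, so nothing stands between a redirector's dropper and the registry keys it wants.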


#5 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:20 AM

Posted 07 December 2011 - 07:25 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
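The TDSSKiller report the steps above ask for has a simple line shape (time, pid, then either "name (md5) path" or "name - verdict"), and the entries worth a second look are easy to miss in a few hundred "- ok" lines: anything whose verdict is not "ok", and any name that gets a verdict but no hash/path line at all, which is what TDSSKiller prints for a service entry whose image file it could not find. The parser below is an added example for this thread, not part of the original post and not Kaspersky's code. Its report excerpt is constructed from that line shape; the "examplesvc" entry and its "detected ..." verdict wording are hypothetical, there only to exercise the non-ok branch.

```python
"""Parse a TDSSKiller report and list what deserves a second look.  Added
example for this thread; it is not part of the original post and is not
Kaspersky's code.  The report excerpt below is constructed from the line
shapes TDSSKiller writes (time, pid, entry); the 'examplesvc' entry and its
'detected ...' verdict text are hypothetical, included only to exercise the
non-ok branch."""
import re

SAMPLE_REPORT = r"""
20:31:31.0135 3508 ============================================================
20:31:31.0135 3508 Scan started
20:31:31.0135 3508 Mode: Manual;
20:31:31.0939 3508 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:31:31.0941 3508 1394ohci - ok
20:31:32.0504 3508 AsIO - ok
20:31:32.0536 3508 Asushwio - ok
20:31:40.0000 3508 examplesvc (00000000000000000000000000000000) C:\Windows\system32\drivers\examplesvc.sys
20:31:40.0001 3508 examplesvc - detected (hypothetical verdict text)
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")   # time pid body
ENTRY_RE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")    # name (md5) path
VERDICT_RE = re.compile(r"^(\S+) - (.+)$")                       # name - verdict


def parse_report(text: str) -> dict:
    """Merge each entry's hash/path line and verdict line into one record."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                      # banner, "====" and header lines
        body = m.group(1)
        e = ENTRY_RE.match(body)
        if e:
            entries.setdefault(e.group(1), {}).update(md5=e.group(2), path=e.group(3))
            continue
        v = VERDICT_RE.match(body)
        if v:
            entries.setdefault(v.group(1), {})["verdict"] = v.group(2)
    return entries


def needs_attention(entries: dict) -> list:
    """(name, reason) for anything that is not a hashed, clean 'ok'."""
    out = []
    for name, e in sorted(entries.items()):
        verdict = e.get("verdict")
        if verdict != "ok":
            out.append((name, f"verdict: {verdict or 'none recorded'}"))
        elif "md5" not in e:
            # TDSSKiller printed no hash or path: the service entry exists but
            # no image file was found for it (compare ComboFix's [x] entries).
            out.append((name, "no hash or path: service entry with no image file found"))
    return out


if __name__ == "__main__":
    for name, reason in needs_attention(parse_report(SAMPLE_REPORT)):
        print(f"{name:12} {reason}")
```

Point it at the TDSSKiller.[Version]_[Date]_[Time]_log.txt file in C:\ and the "no hash or path" list is the set of orphaned service or driver entries to cross-check against the ComboFix service list; a clean TDSSKiller run with several such orphans still leaves registry entries that a later dropper can reuse.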

#6 tknick90
  • Topic Starter
  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:20 AM

Posted 07 December 2011 - 08:32 PM

Scan came back with 0 threats found

Here's the log:


20:31:26.0571 7692 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
20:31:26.0682 7692 ============================================================
20:31:26.0682 7692 Current date / time: 2011/12/07 20:31:26.0682
20:31:26.0682 7692 SystemInfo:
20:31:26.0682 7692
20:31:26.0682 7692 OS Version: 6.1.7601 ServicePack: 1.0
20:31:26.0682 7692 Product type: Workstation
20:31:26.0682 7692 ComputerName: TYLER-PC
20:31:26.0682 7692 UserName: Tyler
20:31:26.0682 7692 Windows directory: C:\Windows
20:31:26.0682 7692 System windows directory: C:\Windows
20:31:26.0682 7692 Running under WOW64
20:31:26.0682 7692 Processor architecture: Intel x64
20:31:26.0682 7692 Number of processors: 4
20:31:26.0682 7692 Page size: 0x1000
20:31:26.0682 7692 Boot type: Normal boot
20:31:26.0682 7692 ============================================================
20:31:27.0689 7692 Initialize success
20:31:31.0135 3508 ============================================================
20:31:31.0135 3508 Scan started
20:31:31.0135 3508 Mode: Manual;
20:31:31.0135 3508 ============================================================
20:31:31.0939 3508 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:31:31.0941 3508 1394ohci - ok
20:31:31.0993 3508 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:31:31.0996 3508 ACPI - ok
20:31:32.0030 3508 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:31:32.0031 3508 AcpiPmi - ok
20:31:32.0071 3508 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:31:32.0076 3508 adp94xx - ok
20:31:32.0101 3508 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:31:32.0105 3508 adpahci - ok
20:31:32.0124 3508 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:31:32.0126 3508 adpu320 - ok
20:31:32.0187 3508 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:31:32.0200 3508 AFD - ok
20:31:32.0217 3508 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:31:32.0218 3508 agp440 - ok
20:31:32.0237 3508 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:31:32.0238 3508 aliide - ok
20:31:32.0255 3508 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:31:32.0256 3508 amdide - ok
20:31:32.0270 3508 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:31:32.0276 3508 AmdK8 - ok
20:31:32.0293 3508 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:31:32.0294 3508 AmdPPM - ok
20:31:32.0308 3508 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:31:32.0310 3508 amdsata - ok
20:31:32.0338 3508 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:31:32.0341 3508 amdsbs - ok
20:31:32.0354 3508 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:31:32.0355 3508 amdxata - ok
20:31:32.0374 3508 AN983X64 (8b538d3e36efb49fa8a37f9f023862a4) C:\Windows\system32\DRIVERS\AN983X64.sys
20:31:32.0375 3508 AN983X64 - ok
20:31:32.0417 3508 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:31:32.0418 3508 AppID - ok
20:31:32.0455 3508 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:31:32.0456 3508 arc - ok
20:31:32.0475 3508 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:31:32.0477 3508 arcsas - ok
20:31:32.0504 3508 AsIO - ok
20:31:32.0536 3508 Asushwio - ok
20:31:32.0554 3508 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:31:32.0555 3508 AsyncMac - ok
20:31:32.0599 3508 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:31:32.0600 3508 atapi - ok
20:31:32.0643 3508 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\system32\Drivers\avgldx64.sys
20:31:32.0646 3508 AvgLdx64 - ok
20:31:32.0683 3508 AvgMfx64 (0db5a749acd8e66091736f88c40207bd) C:\Windows\system32\Drivers\avgmfx64.sys
20:31:32.0684 3508 AvgMfx64 - ok
20:31:32.0724 3508 AvgTdiA (8aa68c0ba2b84fd7eb3e1f10bbfc825b) C:\Windows\system32\Drivers\avgtdia.sys
20:31:32.0728 3508 AvgTdiA - ok
20:31:32.0764 3508 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:31:32.0769 3508 b06bdrv - ok
20:31:32.0792 3508 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:31:32.0796 3508 b57nd60a - ok
20:31:32.0833 3508 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:31:32.0834 3508 Beep - ok
20:31:32.0892 3508 BlackBox - ok
20:31:32.0924 3508 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:31:32.0925 3508 blbdrive - ok
20:31:32.0983 3508 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:31:32.0985 3508 bowser - ok
20:31:32.0996 3508 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:31:32.0997 3508 BrFiltLo - ok
20:31:33.0010 3508 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:31:33.0010 3508 BrFiltUp - ok
20:31:33.0029 3508 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:31:33.0032 3508 Brserid - ok
20:31:33.0052 3508 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:31:33.0053 3508 BrSerWdm - ok
20:31:33.0061 3508 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:31:33.0062 3508 BrUsbMdm - ok
20:31:33.0075 3508 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:31:33.0076 3508 BrUsbSer - ok
20:31:33.0085 3508 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:31:33.0086 3508 BTHMODEM - ok
20:31:33.0223 3508 catchme - ok
20:31:33.0253 3508 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:31:33.0254 3508 cdfs - ok
20:31:33.0304 3508 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:31:33.0306 3508 cdrom - ok
20:31:33.0335 3508 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:31:33.0337 3508 circlass - ok
20:31:33.0355 3508 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:31:33.0359 3508 CLFS - ok
20:31:33.0400 3508 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:31:33.0401 3508 CmBatt - ok
20:31:33.0432 3508 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:31:33.0433 3508 cmdide - ok
20:31:33.0474 3508 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
20:31:33.0479 3508 CNG - ok
20:31:33.0496 3508 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:31:33.0497 3508 Compbatt - ok
20:31:33.0544 3508 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:31:33.0545 3508 CompositeBus - ok
20:31:33.0558 3508 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:31:33.0559 3508 crcdisk - ok
20:31:33.0615 3508 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:31:33.0629 3508 CSC - ok
20:31:33.0676 3508 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:31:33.0678 3508 DfsC - ok
20:31:33.0697 3508 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:31:33.0698 3508 discache - ok
20:31:33.0723 3508 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:31:33.0724 3508 Disk - ok
20:31:33.0760 3508 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:31:33.0761 3508 drmkaud - ok
20:31:33.0809 3508 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:31:33.0825 3508 DXGKrnl - ok
20:31:33.0891 3508 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:31:33.0943 3508 ebdrv - ok
20:31:33.0978 3508 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:31:33.0991 3508 elxstor - ok
20:31:34.0036 3508 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:31:34.0037 3508 ErrDev - ok
20:31:34.0071 3508 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:31:34.0074 3508 exfat - ok
20:31:34.0099 3508 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:31:34.0101 3508 fastfat - ok
20:31:34.0130 3508 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:31:34.0131 3508 fdc - ok
20:31:34.0154 3508 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:31:34.0155 3508 FileInfo - ok
20:31:34.0173 3508 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:31:34.0174 3508 Filetrace - ok
20:31:34.0202 3508 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:31:34.0203 3508 flpydisk - ok
20:31:34.0264 3508 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:31:34.0268 3508 FltMgr - ok
20:31:34.0302 3508 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:31:34.0303 3508 FsDepends - ok
20:31:34.0320 3508 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:31:34.0321 3508 Fs_Rec - ok
20:31:34.0358 3508 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:31:34.0361 3508 fvevol - ok
20:31:34.0379 3508 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:31:34.0380 3508 gagp30kx - ok
20:31:34.0416 3508 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:31:34.0417 3508 GEARAspiWDM - ok
20:31:34.0474 3508 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
20:31:34.0476 3508 hamachi - ok
20:31:34.0495 3508 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:31:34.0496 3508 hcw85cir - ok
20:31:34.0545 3508 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:31:34.0549 3508 HdAudAddService - ok
20:31:34.0577 3508 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:31:34.0578 3508 HDAudBus - ok
20:31:34.0596 3508 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:31:34.0597 3508 HidBatt - ok
20:31:34.0609 3508 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:31:34.0610 3508 HidBth - ok
20:31:34.0627 3508 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:31:34.0634 3508 HidIr - ok
20:31:34.0656 3508 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:31:34.0657 3508 HidUsb - ok
20:31:34.0682 3508 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:31:34.0683 3508 HpSAMD - ok
20:31:34.0746 3508 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:31:34.0762 3508 HTTP - ok
20:31:34.0821 3508 HWiNFO32 (73ba3a0807dd1a1c45d1c726ddaa51ac) C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS
20:31:34.0822 3508 HWiNFO32 - ok
20:31:34.0857 3508 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:31:34.0858 3508 hwpolicy - ok
20:31:34.0900 3508 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:31:34.0902 3508 i8042prt - ok
20:31:34.0935 3508 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:31:34.0939 3508 iaStorV - ok
20:31:34.0991 3508 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:31:34.0992 3508 iirsp - ok
20:31:35.0009 3508 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:31:35.0010 3508 intelide - ok
20:31:35.0038 3508 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:31:35.0039 3508 intelppm - ok
20:31:35.0082 3508 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:31:35.0084 3508 IpFilterDriver - ok
20:31:35.0136 3508 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:31:35.0137 3508 IPMIDRV - ok
20:31:35.0154 3508 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:31:35.0156 3508 IPNAT - ok
20:31:35.0187 3508 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:31:35.0187 3508 IRENUM - ok
20:31:35.0198 3508 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:31:35.0199 3508 isapnp - ok
20:31:35.0267 3508 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:31:35.0272 3508 iScsiPrt - ok
20:31:35.0297 3508 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:31:35.0298 3508 kbdclass - ok
20:31:35.0318 3508 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:31:35.0319 3508 kbdhid - ok
20:31:35.0345 3508 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
20:31:35.0347 3508 KSecDD - ok
20:31:35.0391 3508 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
20:31:35.0393 3508 KSecPkg - ok
20:31:35.0409 3508 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:31:35.0410 3508 ksthunk - ok
20:31:35.0443 3508 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:31:35.0444 3508 lltdio - ok
20:31:35.0475 3508 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:31:35.0477 3508 LSI_FC - ok
20:31:35.0497 3508 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:31:35.0499 3508 LSI_SAS - ok
20:31:35.0516 3508 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:31:35.0517 3508 LSI_SAS2 - ok
20:31:35.0532 3508 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:31:35.0534 3508 LSI_SCSI - ok
20:31:35.0559 3508 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:31:35.0561 3508 luafv - ok
20:31:35.0601 3508 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:31:35.0602 3508 megasas - ok
20:31:35.0616 3508 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:31:35.0620 3508 MegaSR - ok
20:31:35.0638 3508 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:31:35.0639 3508 Modem - ok
20:31:35.0664 3508 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:31:35.0665 3508 monitor - ok
20:31:35.0705 3508 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:31:35.0706 3508 mouclass - ok
20:31:35.0721 3508 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:31:35.0722 3508 mouhid - ok
20:31:35.0757 3508 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:31:35.0759 3508 mountmgr - ok
20:31:35.0795 3508 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:31:35.0797 3508 mpio - ok
20:31:35.0816 3508 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:31:35.0817 3508 mpsdrv - ok
20:31:35.0860 3508 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:31:35.0862 3508 MRxDAV - ok
20:31:35.0905 3508 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:31:35.0907 3508 mrxsmb - ok
20:31:35.0944 3508 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:31:35.0947 3508 mrxsmb10 - ok
20:31:35.0962 3508 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:31:35.0964 3508 mrxsmb20 - ok
20:31:35.0981 3508 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:31:35.0982 3508 msahci - ok
20:31:35.0997 3508 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:31:35.0999 3508 msdsm - ok
20:31:36.0020 3508 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:31:36.0021 3508 Msfs - ok
20:31:36.0033 3508 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:31:36.0034 3508 mshidkmdf - ok
20:31:44.0389 3508 ============================================================
20:31:44.0389 3508 Scan finished
20:31:44.0389 3508 ============================================================
20:31:44.0398 2592 Detected object count: 0
20:31:44.0398 2592 Actual detected object count: 0
20:31:54.0610 3408 ============================================================
20:31:54.0610 3408 Scan started
20:31:54.0610 3408 Mode: Manual;
20:31:54.0610 3408 ============================================================
20:31:58.0523 3408 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:31:58.0523 3408 mssmbios - ok
20:31:58.0538 3408 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:31:58.0539 3408 MSTEE - ok
20:31:58.0551 3408 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:31:58.0552 3408 MTConfig - ok
20:31:58.0574 3408 MTsensor (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
20:31:58.0574 3408 MTsensor - ok
20:31:58.0589 3408 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:31:58.0589 3408 Mup - ok
20:31:58.0612 3408 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:31:58.0613 3408 NativeWifiP - ok
20:31:58.0663 3408 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:31:58.0668 3408 NDIS - ok
20:31:58.0686 3408 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:31:58.0686 3408 NdisCap - ok
20:31:58.0697 3408 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:31:58.0697 3408 NdisTapi - ok
20:31:58.0735 3408 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:31:58.0735 3408 Ndisuio - ok
20:31:58.0770 3408 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:31:58.0772 3408 NdisWan - ok
20:31:58.0805 3408 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:31:58.0805 3408 NDProxy - ok
20:31:58.0818 3408 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:31:58.0818 3408 NetBIOS - ok
20:31:58.0885 3408 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:31:58.0887 3408 NetBT - ok
20:31:58.0974 3408 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:31:58.0975 3408 nfrd960 - ok
20:31:58.0995 3408 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:31:58.0996 3408 Npfs - ok
20:31:59.0013 3408 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:31:59.0013 3408 nsiproxy - ok
20:31:59.0080 3408 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:31:59.0089 3408 Ntfs - ok
20:31:59.0107 3408 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:31:59.0108 3408 Null - ok
20:31:59.0134 3408 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
20:31:59.0136 3408 NVENETFD - ok
20:31:59.0373 3408 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:31:59.0436 3408 nvlddmkm - ok
20:31:59.0478 3408 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:31:59.0479 3408 nvraid - ok
20:31:59.0520 3408 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:31:59.0521 3408 nvstor - ok
20:31:59.0545 3408 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:31:59.0545 3408 nv_agp - ok
20:31:59.0584 3408 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:31:59.0585 3408 ohci1394 - ok
20:31:59.0612 3408 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:31:59.0612 3408 Parport - ok
20:31:59.0620 3408 Partizan - ok
20:31:59.0666 3408 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:31:59.0667 3408 partmgr - ok
20:31:59.0682 3408 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:31:59.0683 3408 pci - ok
20:31:59.0696 3408 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:31:59.0697 3408 pciide - ok
20:31:59.0712 3408 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:31:59.0713 3408 pcmcia - ok
20:31:59.0725 3408 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:31:59.0725 3408 pcw - ok
20:31:59.0754 3408 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:31:59.0758 3408 PEAUTH - ok
20:31:59.0817 3408 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:31:59.0818 3408 PptpMiniport - ok
20:31:59.0833 3408 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:31:59.0833 3408 Processor - ok
20:31:59.0871 3408 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:31:59.0872 3408 Psched - ok
20:31:59.0908 3408 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:31:59.0915 3408 ql2300 - ok
20:31:59.0932 3408 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:31:59.0933 3408 ql40xx - ok
20:31:59.0948 3408 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:31:59.0948 3408 QWAVEdrv - ok
20:31:59.0961 3408 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:31:59.0962 3408 RasAcd - ok
20:31:59.0979 3408 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:31:59.0979 3408 RasAgileVpn - ok
20:32:00.0020 3408 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:32:00.0021 3408 Rasl2tp - ok
20:32:00.0046 3408 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:32:00.0047 3408 RasPppoe - ok
20:32:00.0066 3408 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:32:00.0067 3408 RasSstp - ok
20:32:00.0109 3408 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:32:00.0111 3408 rdbss - ok
20:32:00.0148 3408 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:32:00.0148 3408 rdpbus - ok
20:32:00.0158 3408 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:32:00.0159 3408 RDPCDD - ok
20:32:00.0208 3408 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:32:00.0209 3408 RDPDR - ok
20:32:00.0219 3408 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:32:00.0220 3408 RDPENCDD - ok
20:32:00.0232 3408 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:32:00.0233 3408 RDPREFMP - ok
20:32:00.0278 3408 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:32:00.0279 3408 RDPWD - ok
20:32:00.0313 3408 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:32:00.0314 3408 rdyboost - ok
20:32:00.0352 3408 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:32:00.0353 3408 rspndr - ok
20:32:00.0393 3408 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:32:00.0393 3408 s3cap - ok
20:32:00.0434 3408 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:32:00.0435 3408 sbp2port - ok
20:32:00.0476 3408 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:32:00.0476 3408 scfilter - ok
20:32:00.0496 3408 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:32:00.0497 3408 secdrv - ok
20:32:00.0517 3408 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:32:00.0517 3408 Serenum - ok
20:32:00.0529 3408 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:32:00.0529 3408 Serial - ok
20:32:00.0570 3408 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:32:00.0570 3408 sermouse - ok
20:32:00.0614 3408 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:32:00.0615 3408 sffdisk - ok
20:32:00.0623 3408 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:32:00.0623 3408 sffp_mmc - ok
20:32:00.0632 3408 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:32:00.0633 3408 sffp_sd - ok
20:32:00.0651 3408 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:32:00.0651 3408 sfloppy - ok
20:32:00.0666 3408 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:32:00.0666 3408 SiSRaid2 - ok
20:32:00.0680 3408 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:32:00.0681 3408 SiSRaid4 - ok
20:32:00.0699 3408 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:32:00.0700 3408 Smb - ok
20:32:00.0716 3408 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:32:00.0717 3408 spldr - ok
20:32:00.0762 3408 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:32:00.0764 3408 srv - ok
20:32:00.0807 3408 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:32:00.0809 3408 srv2 - ok
20:32:00.0828 3408 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:32:00.0829 3408 srvnet - ok
20:32:00.0841 3408 StarOpen - ok
20:32:00.0861 3408 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:32:00.0861 3408 stexstor - ok
20:32:00.0885 3408 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:32:00.0886 3408 storflt - ok
20:32:00.0910 3408 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:32:00.0910 3408 storvsc - ok
20:32:00.0933 3408 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:32:00.0934 3408 swenum - ok
20:32:01.0010 3408 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:32:01.0020 3408 Tcpip - ok
20:32:01.0068 3408 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:32:01.0078 3408 TCPIP6 - ok
20:32:01.0116 3408 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:32:01.0117 3408 tcpipreg - ok
20:32:01.0133 3408 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:32:01.0133 3408 TDPIPE - ok
20:32:01.0141 3408 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:32:01.0142 3408 TDTCP - ok
20:32:01.0182 3408 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:32:01.0183 3408 tdx - ok
20:32:01.0200 3408 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:32:01.0201 3408 TermDD - ok
20:32:01.0241 3408 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:32:01.0242 3408 tssecsrv - ok
20:32:01.0283 3408 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:32:01.0284 3408 TsUsbFlt - ok
20:32:01.0318 3408 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:32:01.0319 3408 tunnel - ok
20:32:01.0333 3408 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:32:01.0333 3408 uagp35 - ok
20:32:01.0370 3408 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:32:01.0372 3408 udfs - ok
20:32:01.0397 3408 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:32:01.0397 3408 uliagpkx - ok
20:32:01.0435 3408 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:32:01.0436 3408 umbus - ok
20:32:01.0450 3408 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:32:01.0450 3408 UmPass - ok
20:32:01.0478 3408 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:32:01.0479 3408 USBAAPL64 - ok
20:32:01.0512 3408 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:32:01.0513 3408 usbaudio - ok
20:32:01.0535 3408 usbbus (c73cb90e6a2ff90fd02451a8dfc6af8a) C:\Windows\system32\DRIVERS\lgx64bus.sys
20:32:01.0535 3408 usbbus - ok
20:32:01.0549 3408 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:32:01.0550 3408 usbccgp - ok
20:32:01.0592 3408 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:32:01.0593 3408 usbcir - ok
20:32:01.0612 3408 UsbDiag (856ce1f23785369bb5a2de0aedad0aa7) C:\Windows\system32\DRIVERS\lgx64diag.sys
20:32:01.0613 3408 UsbDiag - ok
20:32:01.0633 3408 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:32:01.0634 3408 usbehci - ok
20:32:01.0654 3408 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:32:01.0656 3408 usbhub - ok
20:32:01.0671 3408 USBModem (f81055629778d33c9317b32e4d2b58db) C:\Windows\system32\DRIVERS\lgx64modem.sys
20:32:01.0671 3408 USBModem - ok
20:32:01.0687 3408 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
20:32:01.0688 3408 usbohci - ok
20:32:01.0706 3408 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:32:01.0707 3408 usbprint - ok
20:32:01.0740 3408 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:32:01.0740 3408 usbscan - ok
20:32:01.0757 3408 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:32:01.0758 3408 USBSTOR - ok
20:32:01.0775 3408 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:32:01.0775 3408 usbuhci - ok
20:32:01.0799 3408 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:32:01.0799 3408 vdrvroot - ok
20:32:01.0816 3408 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:32:01.0816 3408 vga - ok
20:32:01.0835 3408 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:32:01.0836 3408 VgaSave - ok
20:32:01.0851 3408 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:32:01.0853 3408 vhdmp - ok
20:32:01.0892 3408 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:32:01.0893 3408 viaide - ok
20:32:01.0934 3408 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:32:01.0936 3408 vmbus - ok
20:32:01.0976 3408 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:32:01.0977 3408 VMBusHID - ok
20:32:01.0986 3408 VMnetAdapter - ok
20:32:02.0013 3408 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:32:02.0014 3408 volmgr - ok
20:32:02.0052 3408 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:32:02.0054 3408 volmgrx - ok
20:32:02.0079 3408 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:32:02.0080 3408 volsnap - ok
20:32:02.0107 3408 vpcbus (f004aeb456cd886dfdb123b6297d89c9) C:\Windows\system32\DRIVERS\vpchbus.sys
20:32:02.0108 3408 vpcbus - ok
20:32:02.0131 3408 vpcnfltr (a7fae0a70e7a6d7a9469a2bf0a1cac5f) C:\Windows\system32\DRIVERS\vpcnfltr.sys
20:32:02.0132 3408 vpcnfltr - ok
20:32:02.0152 3408 vpcusb (4cdf15ceaf71f068bd26b9841d4e3e2b) C:\Windows\system32\DRIVERS\vpcusb.sys
20:32:02.0153 3408 vpcusb - ok
20:32:02.0171 3408 vpcuxd (4574851fd70edd8476111f880dd66480) C:\Windows\system32\DRIVERS\vpcuxd.sys
20:32:02.0172 3408 vpcuxd - ok
20:32:02.0196 3408 vpcvmm (e7ea9e3fbf1b0f517584e03638511e86) C:\Windows\system32\drivers\vpcvmm.sys
20:32:02.0197 3408 vpcvmm - ok
20:32:02.0214 3408 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:32:02.0215 3408 vsmraid - ok
20:32:02.0231 3408 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:32:02.0232 3408 vwifibus - ok
20:32:02.0251 3408 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:32:02.0252 3408 WacomPen - ok
20:32:02.0270 3408 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:32:02.0271 3408 WANARP - ok
20:32:02.0274 3408 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:32:02.0274 3408 Wanarpv6 - ok
20:32:02.0300 3408 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:32:02.0301 3408 Wd - ok
20:32:02.0323 3408 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:32:02.0327 3408 Wdf01000 - ok
20:32:02.0353 3408 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:32:02.0353 3408 WfpLwf - ok
20:32:02.0370 3408 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:32:02.0370 3408 WIMMount - ok
20:32:02.0428 3408 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:32:02.0428 3408 WinUsb - ok
20:32:02.0449 3408 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:32:02.0449 3408 WmiAcpi - ok
20:32:02.0471 3408 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:32:02.0471 3408 ws2ifsl - ok
20:32:02.0515 3408 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:32:02.0516 3408 WudfPf - ok
20:32:02.0537 3408 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:32:02.0538 3408 WUDFRd - ok
20:32:02.0566 3408 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
20:32:02.0566 3408 xusb21 - ok
20:32:02.0577 3408 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:32:02.0588 3408 \Device\Harddisk0\DR0 - ok
20:32:02.0592 3408 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:32:02.0596 3408 \Device\Harddisk1\DR1 - ok
20:32:02.0600 3408 Boot (0x1200) (dc9464a57ae188fba6f74078d5ad8ae0) \Device\Harddisk0\DR0\Partition0
20:32:02.0601 3408 \Device\Harddisk0\DR0\Partition0 - ok
20:32:02.0616 3408 Boot (0x1200) (2a691b2641981f8b3b8443f3c3b02cd4) \Device\Harddisk0\DR0\Partition1
20:32:02.0617 3408 \Device\Harddisk0\DR0\Partition1 - ok
20:32:02.0621 3408 Boot (0x1200) (61d9c9bd412aa361f1022aad184a0a71) \Device\Harddisk1\DR1\Partition0
20:32:02.0622 3408 \Device\Harddisk1\DR1\Partition0 - ok
20:32:02.0623 3408 ============================================================
20:32:02.0623 3408 Scan finished
20:32:02.0623 3408 ============================================================
20:32:02.0636 6136 Detected object count: 0
20:32:02.0636 6136 Actual detected object count: 0

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:20 AM

Posted 08 December 2011 - 09:04 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 tknick90
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:20 AM

Posted 08 December 2011 - 01:40 PM

I've tried aswMBR.exe but I can't get it to execute. It appears in the task manager very briefly and then is terminated. I've tried renaming and then running the aswMBR.exe several times already to no avail.

Thanks for the help thus far. :)

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:20 AM

Posted 08 December 2011 - 01:49 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found. Let me know what it says.

After it is complete I want you to restart the computer, try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#10 tknick90
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:20 AM

Posted 08 December 2011 - 05:03 PM

fixTDSS detected Infected MBR and the repair was successful.

aswMBR is now able to run. Here's the log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-08 16:46:16
-----------------------------
16:46:16.797 OS Version: Windows x64 6.1.7601 Service Pack 1
16:46:16.797 Number of processors: 4 586 0xF0B
16:46:16.797 ComputerName: TYLER-PC UserName: Tyler
16:46:17.843 Initialize success
16:48:45.108 AVAST engine defs: 11120801
16:48:50.709 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
16:48:50.709 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
16:48:52.737 Disk 0 MBR read successfully
16:48:52.737 Disk 0 MBR scan
16:48:52.737 Disk 0 Windows 7 default MBR code
16:48:52.737 Service scanning
16:48:54.234 Service Asushwio D:\Bin\64bit\Asushwio.sys **LOCKED** 21
16:48:55.513 Modules scanning
16:48:55.513 Disk 0 trace - called modules:
16:48:55.529 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
16:48:55.529 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a0c060]
16:48:55.529 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004780690]
16:48:55.529 5 ACPI.sys[fffff88000eca7a1] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa80047809c0]
16:48:56.761 AVAST engine scan C:\Windows
16:49:00.630 AVAST engine scan C:\Windows\system32
16:50:46.117 AVAST engine scan C:\Windows\system32\drivers
16:50:57.179 AVAST engine scan C:\Users\Tyler
16:59:17.285 AVAST engine scan C:\ProgramData
17:01:42.927 Scan finished successfully
17:02:45.608 Disk 0 MBR has been saved successfully to "C:\Users\Tyler\Downloads\MBR.dat"
17:02:45.624 The log file has been saved successfully to "C:\Users\Tyler\Downloads\aswMBR.txt"

Edited by tknick90, 08 December 2011 - 05:03 PM.
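The two logs in this thread, the driver/MBR listing posted earlier (TDSSKiller's log format, where every object gets a "- ok" status line and the MBR and boot sectors are listed with an MD5) and the aswMBR log just above (with its "Windows 7 default MBR code" verdict and "**LOCKED**" service entries), are what the helper reads to decide whether the boot sector is clean. The script below is an added example of how a responder can triage both formats automatically; it is not code from TDSSKiller, aswMBR or the BleepingComputer helpers. It assumes only the line shapes visible in the logs; the baseline hash dictionary, the all-zero hash for DR1, the "suspicious" status, the `exampledrv` service line and the second aswMBR disk are constructed for the example.

```python
"""Triage helper for the two anti-rootkit log formats posted in this thread.

Added example, not code from TDSSKiller, aswMBR or the helpers. It walks the
lines in order and reports what a responder reads first:
  * TDSSKiller-style "<name> - <status>" lines whose status is not "ok"
  * TDSSKiller-style MBR / boot-sector hash lines, compared with a baseline
    of known-good hashes if one is supplied (assumed: the baseline is a dict
    of device path -> MD5 taken from a trusted earlier scan)
  * aswMBR-style "Service <name> <path> **LOCKED** <n>" lines
  * disks for which aswMBR never printed a "default MBR code" verdict
    (assumed heuristic for the example: such a disk deserves a manual look)
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

TIME = r"\d\d:\d\d:\d\d\.\d+"

# TDSSKiller: "<time> <pid> <name> (<md5>) <path>", e.g. "... 3408 MBR (0x1B8) (a36c...) \Device\Harddisk0\DR0"
TDSS_OBJECT = re.compile(
    rf"^{TIME}\s+\d+\s+(?P<name>(?:MBR|Boot) \(0x[0-9A-Fa-f]+\)|\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# TDSSKiller: "<time> <pid> <name or device path> - <status>"
TDSS_STATUS = re.compile(rf"^{TIME}\s+\d+\s+(?P<subject>.+?)\s+-\s+(?P<status>.+?)\s*$")
# aswMBR: "<time> Service <name> <path> [**FLAG** <code>]"
ASW_SERVICE = re.compile(
    rf"^{TIME}\s+Service\s+(?P<name>\S+)\s+(?P<path>.+?)"
    r"(?:\s+\*\*(?P<flag>[A-Z]+)\*\*\s+(?P<code>\d+))?\s*$"
)
# aswMBR: "<time> Disk <n> <message mentioning MBR>"
ASW_DISK = re.compile(rf"^{TIME}\s+Disk\s+(?P<disk>\d+)\s+(?P<msg>.*\bMBR\b.*?)\s*$")


@dataclass
class Triage:
    findings: List[str] = field(default_factory=list)            # lines a responder should read first
    sector_hashes: Dict[str, str] = field(default_factory=dict)  # device path -> MD5 of MBR/boot sector
    unverifiable: List[str] = field(default_factory=list)        # status lines with no object/hash line before them
    disk_verdicts: Dict[str, List[str]] = field(default_factory=dict)  # aswMBR disk -> MBR messages


def triage_log(lines: Iterable[str], baseline: Optional[Dict[str, str]] = None) -> Triage:
    """Collect findings from a mixed list of TDSSKiller-style and aswMBR-style lines."""
    baseline = baseline or {}
    t = Triage()
    pending = None  # last TDSSKiller object line, waiting for its "- <status>" line
    for raw in lines:
        line = raw.rstrip("\n")
        m = TDSS_OBJECT.match(line)
        if m:
            pending = m.groupdict()
            if pending["name"].startswith(("MBR ", "Boot ")):
                t.sector_hashes[pending["path"]] = pending["md5"]
                expected = baseline.get(pending["path"])
                if expected and expected != pending["md5"]:
                    t.findings.append(f"{pending['name']} of {pending['path']}: hash {pending['md5']} "
                                      f"differs from baseline {expected}")
            continue
        m = TDSS_STATUS.match(line)
        if m:
            subject, status = m.group("subject"), m.group("status")
            if pending and subject in (pending["name"], pending["path"]):
                if status != "ok":
                    t.findings.append(f"{pending['name']} ({pending['path']}): {status}")
                pending = None
            else:
                # No object line preceded this status, so the scanner had no file or hash to show for it
                t.unverifiable.append(subject)
                if status != "ok":
                    t.findings.append(f"{subject}: {status}")
            continue
        m = ASW_SERVICE.match(line)
        if m and m.group("flag"):
            t.findings.append(f"service {m.group('name')} ({m.group('path')}) is {m.group('flag')} "
                              f"(code {m.group('code')})")
            continue
        m = ASW_DISK.match(line)
        if m:
            t.disk_verdicts.setdefault(m.group("disk"), []).append(m.group("msg"))
    for disk, msgs in t.disk_verdicts.items():
        if not any("default MBR code" in msg for msg in msgs):
            t.findings.append(f"aswMBR gave no default-MBR-code verdict for disk {disk}: {msgs}")
    return t


# Constructed sample input in the two formats. The KSecDD, Partizan, DR0 and Asushwio lines
# repeat entries from the logs in this thread; the DR1 hash and status, exampledrv and disk 1 are made up.
SAMPLE_TDSS = [
    "20:31:57.0761 3408 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\\Windows\\system32\\Drivers\\ksecdd.sys",
    "20:31:57.0762 3408 KSecDD - ok",
    "20:31:59.0620 3408 Partizan - ok",
    "20:32:02.0577 3408 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \\Device\\Harddisk0\\DR0",
    "20:32:02.0588 3408 \\Device\\Harddisk0\\DR0 - ok",
    f"20:32:02.0592 3408 MBR (0x1B8) ({'0' * 32}) \\Device\\Harddisk1\\DR1",
    "20:32:02.0596 3408 \\Device\\Harddisk1\\DR1 - suspicious (constructed status)",
]
SAMPLE_ASW = [
    "16:48:52.737 Disk 0 MBR read successfully",
    "16:48:52.737 Disk 0 Windows 7 default MBR code",
    "16:48:54.234 Service Asushwio D:\\Bin\\64bit\\Asushwio.sys **LOCKED** 21",
    "16:48:54.300 Service exampledrv C:\\example\\exampledrv.sys",
    "16:48:56.000 Disk 1 MBR read successfully",
]
BASELINE = {"\\Device\\Harddisk0\\DR0": "a36c5e4f47e84449ff07ed3517b43a31"}  # assumed known-good hash

if __name__ == "__main__":
    result = triage_log(SAMPLE_TDSS + SAMPLE_ASW, BASELINE)
    for finding in result.findings:
        print("REVIEW:", finding)
    print("sector hashes:", result.sector_hashes)
    print("status lines without a file to hash:", result.unverifiable)
```

Keeping the MBR and boot-sector hashes from a scan taken after a successful repair is the practical takeaway: a later TDSSKiller-style listing can then be compared against them, and a changed hash on a disk that also lost its "default MBR code" verdict is exactly the condition fixTDSS reported in this thread.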


#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:20 AM

Posted 08 December 2011 - 05:26 PM

Hello

How is the computer doing now?


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 tknick90
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:20 AM

Posted 10 December 2011 - 05:02 PM

Hi. Ever since fixTDSS I haven't experienced any of my original issues. Things seem to be running normally now. I did experience one BSOD yesterday, but unfortunately I didn't write down the error codes in time.

Here is my latest ComboFix log:

ComboFix 11-12-10.01 - Tyler 12/10/2011 16:34:29.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2542 [GMT -5:00]
Running from: c:\users\Tyler\Downloads\ComboFix.exe
Command switches used :: c:\users\Tyler\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-10 21:41 . 2011-12-10 21:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-10 21:41 . 2011-12-10 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-10 21:41 . 2011-12-10 21:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-30 16:24 . 2011-11-30 16:24 -------- d-----w- c:\users\Tyler\AppData\Roaming\Ableton
2011-11-30 16:24 . 2011-11-30 16:24 -------- d-----w- c:\programdata\Ableton
2011-11-30 14:51 . 2011-11-30 14:51 2 --shatr- c:\windows\winstart.bat
2011-11-30 14:51 . 2011-12-09 02:03 -------- d-----w- c:\program files (x86)\UnHackMe
2011-11-27 15:38 . 2011-11-27 15:38 -------- d-----w- c:\windows\system32\Macromed
2011-11-26 23:19 . 2011-11-26 23:19 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-11-26 22:58 . 2011-11-26 22:58 111408 ----a-w- c:\windows\system32\drivers\97351660.sys
2011-11-18 23:51 . 2011-03-29 19:38 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2011-11-18 23:48 . 2011-11-18 23:48 -------- d-----w- c:\program files (x86)\Ableton
2011-11-18 22:33 . 2011-11-18 22:33 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 18:28 . 2011-09-23 20:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-14 22:17 . 2009-11-07 04:43 215160 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-14 22:17 . 2009-10-01 01:03 215160 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-14 22:17 . 2009-10-01 01:03 215160 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-01 03:25 . 2011-10-11 21:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-11 21:20 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-29 16:29 . 2011-11-09 00:12 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 00:12 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-09-12 23:55 . 2009-08-24 21:54 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-07_21.40.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-24 10:45 . 2011-12-10 21:29 65162 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-10 21:29 36066 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-19 07:03 . 2011-12-10 21:29 25570 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2412423666-3499215133-571947453-1001_UserData.bin
+ 2009-08-19 07:31 . 2011-12-09 13:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-19 07:31 . 2011-12-07 17:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-19 07:31 . 2011-12-07 17:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-19 07:31 . 2011-12-09 13:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-09 13:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-07 17:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-19 07:02 . 2011-12-10 21:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-19 07:02 . 2011-12-07 17:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-25 00:15 . 2011-12-07 17:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-25 00:15 . 2011-12-08 18:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-25 00:15 . 2011-12-07 17:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-11-25 00:15 . 2011-12-08 18:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-11-25 00:15 . 2011-12-07 17:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-11-25 00:15 . 2011-12-08 18:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2009-08-19 07:02 . 2011-12-07 17:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-19 07:02 . 2011-12-10 21:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-19 07:02 . 2011-12-07 17:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-19 07:02 . 2011-12-10 21:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-19 07:02 . 2011-12-07 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-19 07:02 . 2011-12-10 21:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-19 07:02 . 2011-12-10 21:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-19 07:02 . 2011-12-07 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-07 17:12 . 2011-12-07 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-10 21:27 . 2011-12-10 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-07 17:12 . 2011-12-07 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-10 21:27 . 2011-12-10 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-08 18:28 . 2011-12-08 18:28 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe
- 2009-07-14 02:36 . 2011-12-07 17:18 661892 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-10 21:32 661892 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-07 17:18 121810 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-10 21:32 121810 c:\windows\system32\perfc009.dat
+ 2011-12-08 18:28 . 2011-12-08 18:28 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe
- 2009-07-14 05:01 . 2011-12-07 05:04 399968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-10 03:32 399968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-01-27 01:07 . 2011-12-08 18:28 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2011-12-08 18:28 . 2011-12-08 18:28 11336864 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
+ 2010-04-16 07:05 . 2011-12-10 03:32 48516136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2412423666-3499215133-571947453-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-02 601088]
"CPU Power Monitor"="c:\program files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
.
c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2009-8-25 3450608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 136176]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]
R3 Asushwio;Asushwio;d:\bin\64bit\Asushwio.sys [x]
R3 BlackBox;BlackBox SR2; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-02-17 31104]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 567216]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;c:\windows\system32\DRIVERS\AN983X64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 19:38]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 19:38]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2412423666-3499215133-571947453-1001Core.job
- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-17 01:15]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2412423666-3499215133-571947453-1001UA.job
- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-17 01:15]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9A053E56-D4EB-453B-8D59-90FF13D75D6C}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C619DBF4-8ABF-420C-9EBC-7C95B0F055FC}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\8dw4u93w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2493242&SearchSource=3&q={searchTerms}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{16BFBB5D-BC7D-4D83-8F5A-62DDF0FB1B89} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2412423666-3499215133-571947453-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c3,9b,46,30,cd,7e,de,84,b8,88,f0,d4,e2,b6,bb,b6,cc,4e,b5,f2,97,b0,c9,
e4,ba,d8,94,89,09,c8,b8,35,18,13,c1,75,c3,4c,9b,a5,6a,5d,67,6b,d7,5c,29,2c,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-10 16:43:47
ComboFix-quarantined-files.txt 2011-12-10 21:43
ComboFix2.txt 2011-12-07 21:57
ComboFix3.txt 2011-11-25 17:49
ComboFix4.txt 2011-08-25 18:24
.
Pre-Run: 170,096,738,304 bytes free
Post-Run: 170,394,656,768 bytes free
.
- - End Of File - - 3473940FAD428C4254D7AAF5908AF103

Edited by tknick90, 10 December 2011 - 05:02 PM.


#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 December 2011 - 09:54 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.6

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
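Two things in the ComboFix log above can be flagged mechanically rather than by eye: the policies\system values show UAC switched off (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0), and the Firefox prefs.js default search URL points at search.conduit.com, which lines up with the search-redirect symptom in the first post. The script below is an added example written for this thread; it is not part of ComboFix, Malwarebytes or any BleepingComputer tool. It parses those two ComboFix sections from a constructed sample copied from the log and reports the weak settings. The KNOWN_SEARCH_HOSTS allowlist is an assumption used only to decide which search engines count as expected.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: these lines are copied from the "Reg Loading Points" and
# "Supplementary Scan" sections of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
FF - ProfilePath - c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\8dw4u93w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2493242&SearchSource=3&q={searchTerms}
"""

# Registry key (as ComboFix prints it, lower-cased) that holds the UAC policy values.
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

# UAC values where a 0 weakens the system; each maps to what a 0 means.
WEAK_UAC_VALUES = {
    "EnableLUA": "UAC is disabled entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}

# Assumption: search engines the owner is expected to have configured.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# "Name"= 0 (0x0)  ->  name and decimal value
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>-?\d+)')
# FF - prefs.js: browser.search.defaulturl - hxxp://...
FF_PREF_RE = re.compile(
    r'^FF - (?:prefs|user)\.js: (?P<pref>browser\.search\.\S+) - (?P<url>\S+)'
)


def find_indicators(log_text):
    """Return (category, name, detail) tuples for weak UAC values and
    Firefox search preferences pointing at an unexpected host."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        # ComboFix separates blocks with a lone "."; that ends the current key.
        if not line or line == ".":
            current_key = None
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        if current_key == POLICY_KEY:
            m = VALUE_RE.match(line)
            if m and m.group("name") in WEAK_UAC_VALUES and int(m.group("value")) == 0:
                findings.append(("uac", m.group("name"), WEAK_UAC_VALUES[m.group("name")]))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            # ComboFix defangs URLs as hxxp; restore the scheme so urlsplit parses it.
            url = m.group("url").replace("hxxp", "http", 1)
            host = urlsplit(url).hostname or ""
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(("firefox-search", m.group("pref"), host))
    return findings


if __name__ == "__main__":
    for category, name, detail in find_indicators(SAMPLE_LOG):
        print(f"{category}: {name} -> {detail}")
```

Run against the sample it reports the three UAC values and the Conduit search URL; EnableUIADesktopToggle stays quiet because 0 is its secure setting, and ConsentPromptBehaviorUser=3 is not flagged because it is not one of the values that weakens elevation.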

#14 gringo_pr

Posted 13 December 2011 - 01:25 AM

Hello


Haven't heard from you in a couple of days so I am checking up on you. How are things going?


Gringo

#15 gringo_pr

Posted 16 December 2011 - 02:58 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
